ok I found my problem. I have forgotten to add my domain in the proxy.conf, after I have done this ldap search works fine.
but know I have one more problem with authentification. I want to use peap with mschap to support both windows und linux systems. But authentification fails. I don't know what i have to configure or where is the problem. I would be very happy about some hints. I'm sorry about the very long debug output.... rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=86, length=149 NAS-IP-Address = 192.168.0.2 NAS-Port = 50006 NAS-Port-Type = Ethernet User-Name = "FIRMA1\\usera" Called-Station-Id = "00-15-F9-D8-7C-C6" Calling-Station-Id = "00-1A-4B-63-69-0B" Service-Type = Framed-User Framed-MTU = 1500 State = 0x1558e554175bfc9edc831547521be2ad EAP-Message = 0x020300061900 Message-Authenticator = 0xfb650903c72222207e001d0385d8a036 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] expand: %t -> Fri Oct 22 18:32:40 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 86 to 192.168.0.2 port 1812 EAP-Message = 0x0104003619000f0b409c6f7dd2e83b8a1ad34c1b43c61b5cfa499e7822f081073040ea4c9280acd2686fd194f216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1558e554165cfc9edc831547521be2ad Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=87, length=465 NAS-IP-Address = 192.168.0.2 NAS-Port = 50006 NAS-Port-Type = Ethernet User-Name = "FIRMA1\\usera" Called-Station-Id = "00-15-F9-D8-7C-C6" Calling-Station-Id = "00-1A-4B-63-69-0B" Service-Type = Framed-User Framed-MTU = 1500 State = 0x1558e554165cfc9edc831547521be2ad EAP-Message = 0x020401401980000001361603010106100001020100626313e9c274f169e9ed94821e91d59e61578ab381c0e35788422b88b6e12b77d9551a970514289baaaf9c2ec3edb8ae126c1c5b5f29d7883997fee2eee9f55a635005cb534cf7c708f0a0ec98dbda376e88b67de4616926d9aa586737b2536998fad9c4648c8ce1e3b704415c4031063fc103bf0ddd1159d8b8ef2c5c41332aca99428569333c19f8d539b1a01f232cdf9023030176aef9c9bcea7588447853febc8b340da21d9b5af78d2d8b5b3acc0779e9f8d970f93471273749a0653a7e6611ee11bfcabb019b34e3f54f5e1b693d89fe471eab29d8027641dfed05bfeeeca249fd3561371c EAP-Message = 0xa736d666ebba66d8c0a368d306e0af12f71b43504cad85a614030100010116030100204c903a9993c942b403d46902c7564ea7f66787ca59a02e46fc08946a84aa509d Message-Authenticator = 0x67bf63ab1ed1abebb8161ae463114461 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] expand: %t -> Fri Oct 22 18:32:40 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 4 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 87 to 192.168.0.2 port 1812 EAP-Message = 0x0105003119001403010001011603010020f8490ec428507eb9225fb4fb3682dd9e465b8988e2ad4c39c0e66520252de24e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1558e554115dfc9edc831547521be2ad Finished request 10. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=88, length=149 NAS-IP-Address = 192.168.0.2 NAS-Port = 50006 NAS-Port-Type = Ethernet User-Name = "FIRMA1\\usera" Called-Station-Id = "00-15-F9-D8-7C-C6" Calling-Station-Id = "00-1A-4B-63-69-0B" Service-Type = Framed-User Framed-MTU = 1500 State = 0x1558e554115dfc9edc831547521be2ad EAP-Message = 0x020500061900 Message-Authenticator = 0x6c4b11714b857cd0281b682e13c4d900 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] expand: %t -> Fri Oct 22 18:32:40 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 88 to 192.168.0.2 port 1812 EAP-Message = 0x0106002019001703010015f5a3ae52506203eb77289c53fadddc8aced654bcc9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1558e554105efc9edc831547521be2ad Finished request 11. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=89, length=186 NAS-IP-Address = 192.168.0.2 NAS-Port = 50006 NAS-Port-Type = Ethernet User-Name = "FIRMA1\\usera" Called-Station-Id = "00-15-F9-D8-7C-C6" Calling-Station-Id = "00-1A-4B-63-69-0B" Service-Type = Framed-User Framed-MTU = 1500 State = 0x1558e554105efc9edc831547521be2ad EAP-Message = 0x0206002b19001703010020a6ad92351444936d3c1868fea4cce44c06a598df0d5fa027e4123c6c3daf8f5b Message-Authenticator = 0x66c1321b7a94107cc7e7d22f05c2fbf3 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] expand: %t -> Fri Oct 22 18:32:41 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 6 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - FIRMA1\usera [peap] Got tunneled request EAP-Message = 0x02060014014649524d41315c626c657273636861 server { PEAP: Got tunneled identity of FIRMA1\usera PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to FIRMA1\usera Sending tunneled request EAP-Message = 0x02060014014649524d41315c626c657273636861 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "FIRMA1\\usera" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok ++[control] returns ok [eap] EAP packet type response id 6 length 20 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for usera [ldap] expand: %{Stripped-User-Name} -> usera [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usera) [ldap] expand: dc=firma1,dc=de -> dc=firma1,dc=de [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=firma1,dc=de, with filter (uid=usera) [ldap] Added User-Password = {SSHA}WNtfzJKztV/VYNqJAew//EpfaqFTTmRY in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaNtPassword -> NT-Password == 0x3043423639343838303546373937424632413832383037393733423839353337 [ldap] sambaLmPassword -> LM-Password == 0x3031464335413642453742433639323941414433423433354235313430344545 [ldap] looking for reply items in directory... [ldap] user usera authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010700291a0107002410c823f451f29e4818ccd3f0be9f3650634649524d41315c626c657273636861 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5046181b5037b4806fda72c76d930a8 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010700291a0107002410c823f451f29e4818ccd3f0be9f3650634649524d41315c626c657273636861 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5046181b5037b4806fda72c76d930a8 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 89 to 192.168.0.2 port 1812 EAP-Message = 0x0107004019001703010035c52325a3ae3a7f6bd4de688fbfef456c0fc3bd0b986af49abfb022fb9ba5a7b92058dc051da50ecf7b3ef7c4eaad3cbd6e99f65e78 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1558e554135ffc9edc831547521be2ad Finished request 12. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=90, length=240 NAS-IP-Address = 192.168.0.2 NAS-Port = 50006 NAS-Port-Type = Ethernet User-Name = "FIRMA1\\usera" Called-Station-Id = "00-15-F9-D8-7C-C6" Calling-Station-Id = "00-1A-4B-63-69-0B" Service-Type = Framed-User Framed-MTU = 1500 State = 0x1558e554135ffc9edc831547521be2ad EAP-Message = 0x0207006119001703010056c97cf317a157bd52798bc228692340b159bf37c206e5a659f93993bfcff9077f69ae0747ad07c868de4fb65a6a1ab6a0212c883f47be656fca32ee3b02a4e6d0c197f4ed72c68d497e8872ad262de7fb1b7737c21234 Message-Authenticator = 0x0aacaddadb8a501835ed2f2cd9df836c +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] expand: %t -> Fri Oct 22 18:32:41 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 7 length 97 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0207004a1a0207004531465311ebc4ad0d394e81e0d169961d1100000000000000001c75cd6fd76bac69737473ecbe0df750a88714f72a4bc71a004649524d41315c626c657273636861 server { PEAP: Setting User-Name to FIRMA1\usera Sending tunneled request EAP-Message = 0x0207004a1a0207004531465311ebc4ad0d394e81e0d169961d1100000000000000001c75cd6fd76bac69737473ecbe0df750a88714f72a4bc71a004649524d41315c626c657273636861 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "FIRMA1\\usera" State = 0xb5046181b5037b4806fda72c76d930a8 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok ++[control] returns ok [eap] EAP packet type response id 7 length 74 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for usera [ldap] expand: %{Stripped-User-Name} -> usera [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usera) [ldap] expand: dc=firma1,dc=de -> dc=firma1,dc=de [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=firma1,dc=de, with filter (uid=usera) [ldap] Added User-Password = {SSHA}WNtfzJKztV/VYNqJAew//EpfaqFTTmRY in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaNtPassword -> NT-Password == 0x3043423639343838303546373937424632413832383037393733423839353337 [ldap] sambaLmPassword -> LM-Password == 0x3031464335413642453742433639323941414433423433354235313430344545 [ldap] looking for reply items in directory... [ldap] user usera authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Found LM-Password [mschap] Found NT-Password [mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack? [mschap] Told to do MS-CHAPv2 for FIRMA1\usera with NT-Password [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. Login incorrect: [usera/<via Auth-Type = EAP>] (from client TESTSW01 port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 90 to 192.168.0.2 port 1812 EAP-Message = 0x010800261900170301001be755b066be3f16eb4a1f8d7d3f54bf6333dc8a1865a7ef9dc1d31c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1558e5541250fc9edc831547521be2ad Finished request 13. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=91, length=181 NAS-IP-Address = 192.168.0.2 NAS-Port = 50006 NAS-Port-Type = Ethernet User-Name = "FIRMA1\\usera" Called-Station-Id = "00-15-F9-D8-7C-C6" Calling-Station-Id = "00-1A-4B-63-69-0B" Service-Type = Framed-User Framed-MTU = 1500 State = 0x1558e5541250fc9edc831547521be2ad EAP-Message = 0x020800261900170301001bd0e5d1e8905737296a8cc3e900996439f0cf0a79a1254ecc7514a1 Message-Authenticator = 0xac386bf0ee6044841d403e1ac7a8dea3 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022 [auth_log] expand: %t -> Fri Oct 22 18:32:41 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera" [ntdomain] Found realm "FIRMA1" [ntdomain] Adding Stripped-User-Name = "usera" [ntdomain] Adding Realm = "FIRMA1" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 8 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [usera/<via Auth-Type = EAP>] (from client TESTSW01 port 50006 cli 00-1A-4B-63-69-0B) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> FIRMA1\usera attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 14 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 14 Sending Access-Reject of id 91 to 192.168.0.2 port 1812 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 -- View this message in context: http://freeradius.1045715.n5.nabble.com/LDAP-authentication-failed-tp3217861p3232594.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html